GTP Basics

GTP comprises control plane (GTP-C), user plane (GTP-U) and charging (GTP' derived from GTP-C) traffic transferred on UDP/IP. GTP Security on the Palo Alto Networks firewalls support up to 3GPP TS 29.060 release 11.10 for GTPv2-C and GTPv1-C, and up to 3GPP TS 29.274 release 11.6 for GTP-U on PAN-OS 8.0.4 through PAN-OS 8.0.6; PAN-OS 8.0.7 and later support up to 3GPP T.S 29.274 release 13.4 for GTPv2-C and GTPv1-C and 3GPP T.S 29.281 release 13.0 for GTP-U.
Enabling GTP Security on the Palo Alto Networks firewalls allows you to protect the mobile core network infrastructure from malformed GTP packets, denial of service attacks, out of state GTP messages, and also protect mobile subscribers from spoofed IP packets and overbilling attacks.
GTPv1-C is defined in 3GPP TS 29.060. It is used on Gn interface, i.e. the interface between GPRS support nodes (GSNs) within a public land mobile network (PLMN), and also across Gp interface between GSNs in different PLMNs. It is also used for roaming and inter access mobility between Gn/Gp SGSNs and mobility management entity (MMEs). GTPv1-C carries various type of control plane signaling messages. The registered port number for GTPv1-C is 2123.
GTPv2-C is defined in 3GPP TS 29.274. It is used on various EPC (Evolved Packet Core) signaling interfaces like S5, S8, S11, S3 etc. GTPv2-C carries various type of control plane signaling messages. The registered port number for GTPv2-C is 2123.
GTP-U is defined in 3GPP TS 29.281. It encapsulates and route user plane traffic across multiple signaling interfaces like S1, S5, S8, S3 etc. GTP-U messages are either user plane or signaling messages. The registered port number for GTP-U is 2152.

Related Documentation